gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

localModules -> local

Browse source 
moved keys to their own module

updated nix

switching pinning method
This commit is contained in:
Gerg-L 2023-07-02 00:33:46 -04:00
parent 2057ff5d17
commit 160a5c3ffe
24 changed files with 187 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -3,16 +3,16 @@ keys:
- &moms-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
- &game-laptop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90
creation_rules:
- path_regex: systems/gerg-desktop/secrets.yaml$
- path_regex: hosts/gerg-desktop/secrets.yaml$
key_groups:
- age:
- *gerg-desktop
- path_regex: systems/moms-laptop/secrets.yaml$
- path_regex: hosts/moms-laptop/secrets.yaml$
key_groups:
- age:
- *moms-laptop
- *gerg-desktop
- path_regex: systems/game-laptop/secrets.yaml$
- path_regex: hosts/game-laptop/secrets.yaml$
key_groups:
- age:
- *game-laptop

79
flake.lock generated
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1687747614,
"narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=",
"lastModified": 1687968164,
"narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=",
"owner": "nix-community",
"repo": "disko",
"rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95",
"rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1",
"type": "github"
},
"original": {
@ -27,11 +27,11 @@
]
},
"locked": {
"lastModified": 1687390847,
"narHash": "sha256-T75KT5XFPMvmHOdxuoWotI+vCIM2cM5192QxLxenudU=",
"lastModified": 1688267694,
"narHash": "sha256-dU20pHcJkr08p9kJij4vLWGLahmXC09Fl22ywO24quQ=",
"owner": "gerg-L",
"repo": "fetch-rs",
"rev": "a571c0c6768db9c643cc81735a1a12799d09ed4e",
"rev": "45b0a9038ac0b73b2f37e16d83143f5d869595a0",
"type": "github"
},
"original": {
@ -74,11 +74,11 @@
},
"master": {
"locked": {
"lastModified": 1687829807,
"narHash": "sha256-3frHlJgnHai4BCR67iAn8rpOpVMYGGsxXP/RD9CJeug=",
"lastModified": 1688270854,
"narHash": "sha256-GLH4R4BseIDNrs6TukaXgzjKgFT0mSrYwS2bc+WZ0lM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "71a84fc822c1d8f41d6b70ce31c600dd45dc7ac3",
"rev": "3454e7a9c8c78ee815bd2d5d3ff8a977f4d419f3",
"type": "github"
},
"original": {
@ -90,16 +90,17 @@
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1686422003,
"narHash": "sha256-Ekqqm2/FigfyhuCfx1BkePPsABdTwm7PJdiTaHPXems=",
"lastModified": 1688085369,
"narHash": "sha256-g/2k/heQXYN38xutKf3JoeAe3bpmLswR/F8oupPzxdM=",
"owner": "neovim",
"repo": "neovim",
"rev": "302d3cfb96d7f0c856262e1a4252d058e3300c8b",
"rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "neovim",
"rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
"type": "github"
}
},
@ -111,17 +112,17 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1686310844,
"narHash": "sha256-QS9/9v+bPTKb7HtB9a5zb4a6+IErwpfhHaqwi0PN0K8=",
"lastModified": 1688234932,
"narHash": "sha256-X0Tus1uP+tSBySLCUKlmV/Nv7Vfj4ljBL/ptsS0DQ6s=",
"owner": "nixos",
"repo": "nix",
"rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
"rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nix",
"rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
"rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
"type": "github"
}
},
@ -148,11 +149,11 @@
]
},
"locked": {
"lastModified": 1687743756,
"narHash": "sha256-WhDERdaMGX73CBxpDfoauKU2Z4NC10+/4khdBbpXjWs=",
"lastModified": 1688003049,
"narHash": "sha256-5oSxbv8OVSg2dOvycJ9eisacxF8e52N0PVUFryWWJmE=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "844ce2ab9a0ba819b30df1fff2c48c9b2b2344be",
"rev": "bde0bc291c95b710dd63d5e5c422e47f760a1406",
"type": "github"
},
"original": {
@ -195,11 +196,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1687031877,
"narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
"lastModified": 1688256355,
"narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
"rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
"type": "github"
},
"original": {
@ -217,11 +218,11 @@
]
},
"locked": {
"lastModified": 1686447176,
"narHash": "sha256-d+chVhxA6k7uYyj9Ig+HL5TTiy62AUhp80n7r4b0CAI=",
"lastModified": 1688269212,
"narHash": "sha256-psck0cUFcbmAadVbSqEkYqUDk6mFVBBnGEaNmLm1cFQ=",
"owner": "gerg-L",
"repo": "nvim-flake",
"rev": "8327aa444b285b7e4d042c609c118e4eb38d8376",
"rev": "32f337f1dda040aa2d1b2126ba5a16ff5cfe5502",
"type": "github"
},
"original": {
@ -270,11 +271,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1687398569,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
"lastModified": 1688268466,
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
"type": "github"
},
"original": {
@ -290,8 +291,8 @@
]
},
"locked": {
"lastModified": 1687749665,
"narHash": "sha256-wvpL4zqF5DoqkKuEkNVuvwXPBz7pnxc2c0z/a5FgndU=",
"lastModified": 1688271042,
"narHash": "sha256-jO2i5SAX87yh7MJtZ2kmlWwFBC90TyeBWjCzcs6Z2Jk=",
"path": "/home/gerg/Projects/spicetify-nix",
"type": "path"
},
@ -302,11 +303,11 @@
},
"stable": {
"locked": {
"lastModified": 1687729501,
"narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=",
"lastModified": 1688109178,
"narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0",
"rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
"type": "github"
},
"original": {
@ -323,11 +324,11 @@
]
},
"locked": {
"lastModified": 1686447653,
"narHash": "sha256-SjCdEjI6h3y5279VM6MV6Xhmtx9Rmms9MNZw9D/l4jY=",
"lastModified": 1688270082,
"narHash": "sha256-lx053lNJZy16NqeFe3Gqn/ePIiEVrU+TjBwLhMxxhmw=",
"owner": "gerg-L",
"repo": "suckless",
"rev": "3e7fb0d693fce7a1592abe692c315b213630222e",
"rev": "99103d012b56965005aabb9619c73e5a802b4284",
"type": "github"
},
"original": {
@ -338,11 +339,11 @@
},
"unstable": {
"locked": {
"lastModified": 1687681650,
"narHash": "sha256-M2If+gRcfpmaJy/XbfSsRzLlPpoU4nr0NHnKKl50fd8=",
"lastModified": 1688049487,
"narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c9db9710cb23d60570ad4d7ab829c2d34403de3",
"rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
"type": "github"
},
"original": {

2
flake.nix
View file

@ -6,7 +6,7 @@
stable.url = "github:nixos/nixpkgs/nixos-23.05";
pipewire_fix.url = "github:nixos/nixpkgs/45a55711fe12d0aada3aa04746082cf1b83dfbf3";
#nix 2.17
nix.url = "github:nixos/nix/03f9ff6ea59d21c6d7b29c64a03d5041bd621261";
nix.url = "github:nixos/nix/7b39a388b382e7912de3c5951faad42fe2d72f48";
nixos-generators = {
url = "github:nix-community/nixos-generators";

8
hosts/game-laptop/default.nix
View file

@ -3,7 +3,7 @@ _: {
config,
...
}: {
localModules = {
local = {
remoteBuild.enable = true;
DE.gnome.enable = true;
DM = {
@ -62,9 +62,9 @@ _: {
uid = 0;
home = "/root";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
config.local.keys.gerg_gerg-phone
config.local.keys.gerg_gerg-windows
config.local.keys.gerg_gerg-desktop
];
passwordFile = config.sops.secrets.root.path;
};

8
hosts/gerg-desktop/containers/website.nix_ → hosts/gerg-desktop/containers/website.nix
View file

@ -63,11 +63,11 @@ _:{
gitea = {
enable = true;
appName = "Powered by NixOS";
domain = "git.gerg-l.com";
rootUrl = "https://git.gerg-l.com/";
httpPort = giteaPort;
settings = {
server = {
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
HTTP_PORT = giteaPort;
LANDING_PAGE = "/explore/repos";
};
ui = {
@ -84,7 +84,7 @@ _:{
};
nextcloud = {
enable = true;
package = pkgs.nextcloud26;
package = pkgs.nextcloud27;
hostName = "next.gerg-l.com";
autoUpdateApps.enable = true;
enableBrokenCiphersForSSE = false;

13
hosts/gerg-desktop/default.nix
View file

@ -3,7 +3,7 @@
config,
...
}: {
localModules = {
local = {
remoteBuild.isBuilder = true;
X11Programs = {
sxhkd.enable = true;
@ -62,6 +62,11 @@
};
};
services.udev.packages = [
pkgs.android-udev-rules
];
programs.adb.enable = true;
networking = {
useDHCP = false;
hostName = "gerg-desktop";
@ -100,10 +105,10 @@
useDefaultShell = true;
uid = 1000;
isNormalUser = true;
extraGroups = ["wheel" "audio"];
extraGroups = ["wheel" "audio" "adbusers"];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
config.local.keys.gerg_gerg-phone
config.local.keys.gerg_gerg-windows
];
passwordFile = config.sops.secrets.gerg.path;
};

5
hosts/gerg-desktop/secrets.yaml
View file

@ -1,5 +1,6 @@
discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str]
gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str]
website:
nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
@ -21,8 +22,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-19T00:33:35Z"
mac: ENC[AES256_GCM,data:YWGS3fxhEh6Xz/OohJkQdvGzfe9Do7IRN7MiuHo8URbidq6DLsuvN086QNlMQEnopR5BDJ2V+4inKS1xOM+G66e4Ta/uYH7VweamGSk/dGGqAnG5uylljIupSS9WDvI0tpv2PMWrbGV6oEps0SPC2HN7CvhI8EaSQdz3CvEYKgo=,iv:YDKgb90IvwEkfRFMwoy/Y1LREHe2Dzf3Dt97BT/wJuo=,tag:HSmmPdyhF5dr+5IvM+Xo6Q==,type:str]
lastmodified: "2023-07-02T03:02:17Z"
mac: ENC[AES256_GCM,data:iz4xGDiaMNvmNum2R7Bm5NmRBzUo8clhV60hLcHrIpjGwpbrRuWEnsQL6hvUu2O8zZDx7xH0MApig7dYvdNyPaloWiWob/DPT5AgWx++etr40z0Bbl3GHY+WQQdqU+E6l+x0LMQYGv3GQv4o166VsnFsCm5ParPeMmZa3+kaxBw=,iv:Q4JL2EtXRD3LKWx95q0Jo27UWHCHn2i6cM87Z/GhO28=,tag:rxwjRdK85znMzX6H/rx+9A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
hosts/gerg-desktop/zfs.nix
View file

@ -7,6 +7,7 @@ _: {
systemd.tmpfiles.rules = [
"L+ /etc/ssh/ssh_host_ed25519_key - - - - /persist/ssh/ssh_host_ed25519_key"
"L+ /etc/ssh/ssh_host_ed25519_key.pub - - - - /persist/ssh/ssh_host_ed25519_key.pub"
"L /etc/nixos/flake.nix - - - - /home/gerg/Projects/nixos/flake.nix"
];
#create machine-id for spotify
environment.etc = {

8
hosts/moms-laptop/default.nix
View file

@ -3,7 +3,7 @@ _: {
config,
...
}: {
localModules = {
local = {
remoteBuild.enable = true;
DM = {
lightdm.enable = true;
@ -49,9 +49,9 @@ _: {
uid = 0;
home = "/root";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
config.local.keys.gerg_gerg-phone
config.local.keys.gerg_gerg-windows
config.local.keys.gerg_gerg-desktop
];
passwordFile = config.sops.secrets.root.path;
};

4
modules/DE/dwm.nix
View file

@ -8,9 +8,9 @@
lib,
...
}: {
options.localModules.DE.dwm.enable = lib.mkEnableOption "";
options.local.DE.dwm.enable = lib.mkEnableOption "";
config = lib.mkIf config.localModules.DE.dwm.enable {
config = lib.mkIf config.local.DE.dwm.enable {
services.gvfs.enable = true;
services.xserver = {
enable = true;

4
modules/DE/gnome.nix
View file

@ -4,9 +4,9 @@ _: {
pkgs,
...
}: {
options.localModules.DE.gnome.enable = lib.mkEnableOption "";
options.local.DE.gnome.enable = lib.mkEnableOption "";
config = lib.mkIf config.localModules.DE.gnome.enable {
config = lib.mkIf config.local.DE.gnome.enable {
environment = {
systemPackages = [pkgs.gnome.gnome-calculator];
gnome.excludePackages = builtins.attrValues {

4
modules/DE/xfce.nix
View file

@ -4,9 +4,9 @@ _: {
pkgs,
...
}: {
options.localModules.DE.xfce.enable = lib.mkEnableOption "";
options.local.DE.xfce.enable = lib.mkEnableOption "";
config = lib.mkIf config.localModules.DE.xfce.enable {
config = lib.mkIf config.local.DE.xfce.enable {
environment.systemPackages = [pkgs.xfce.xfce4-whiskermenu-plugin];
services.xserver = {
enable = true;

6
modules/DM/autoLogin.nix
View file

@ -3,7 +3,7 @@ _: {
lib,
...
}: {
options.localModules.DM = {
options.local.DM = {
autoLogin = lib.mkEnableOption "";
loginUser = lib.mkOption {
type = lib.types.nullOr lib.types.str;
@ -11,11 +11,11 @@ _: {
};
};
config = lib.mkIf config.localModules.DM.autoLogin {
config = lib.mkIf config.local.DM.autoLogin {
services.xserver.displayManager = {
autoLogin = {
enable = true;
user = config.localModules.DM.loginUser;
user = config.local.DM.loginUser;
};
};
};

6
modules/DM/lightDM.nix
View file

@ -4,9 +4,9 @@
pkgs,
...
}: {
options.localModules.DM.lightdm.enable = lib.mkEnableOption "";
options.local.DM.lightdm.enable = lib.mkEnableOption "";
config = lib.mkIf config.localModules.DM.lightdm.enable {
config = lib.mkIf config.local.DM.lightdm.enable {
services.xserver = {
displayManager = {
lightdm = {
@ -15,7 +15,7 @@
extraConfig = "minimum-vt=1";
greeters.mini = {
enable = true;
user = config.localModules.DM.loginUser;
user = config.local.DM.loginUser;
extraConfig = ''
[greeter]
show-password-label = false

4
modules/X11.nix
View file

@ -4,9 +4,9 @@ _: {
lib,
...
}: let
cfg = config.localModules.X11Programs;
cfg = config.local.X11Programs;
in {
options.localModules.X11Programs = {
options.local.X11Programs = {
sxhkd.enable = lib.mkEnableOption "";
};
config = lib.mkMerge [

30
modules/builders.nix
View file

@ -3,13 +3,13 @@ _: {
lib,
...
}: {
options.localModules.remoteBuild = {
options.local.remoteBuild = {
enable = lib.mkEnableOption "";
isBuilder = lib.mkEnableOption "";
};
config = lib.mkMerge [
(
lib.mkIf config.localModules.remoteBuild.enable {
lib.mkIf config.local.remoteBuild.enable {
nix = {
settings = {
keep-outputs = false;
@ -18,7 +18,6 @@ _: {
max-jobs = 0;
substituters = ["ssh-ng://nix-ssh@gerg-desktop" "https://cache.nixos.org/"];
trusted-public-keys = ["gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
secret-key-files = "/persist/cache-keys/cache-priv-key.pem";
};
distributedBuilds = true;
buildMachines = [
@ -30,29 +29,24 @@ _: {
supportedFeatures = ["big-parallel" "nixos-test" "kvm" "benchmark"];
sshUser = "builder";
sshKey = "/etc/ssh/ssh_host_ed25519_key";
publicHostKey = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
publicHostKey = config.local.keys.gerg-desktop_fingerprint;
}
];
};
programs.ssh.knownHosts = {
gerg-desktop = {
extraHostNames = ["gerg-desktop.lan"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
};
};
}
)
(
let
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"
config.local.keys.root_moms-laptop
config.local.keys.root_game-laptop
];
in
lib.mkIf
config.localModules.remoteBuild.isBuilder
config.local.remoteBuild.isBuilder
{
sops.secrets.store_key = {};
users = {
groups.builder = {};
users.builder = {
@ -63,12 +57,22 @@ _: {
group = "builder";
};
};
services.openssh.extraConfig = ''
Match User builder
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
PermitTunnel no
X11Forwarding no
Match All
'';
nix = {
settings = {
trusted-users = ["builder" "nix-ssh"];
keep-outputs = true;
keep-derivations = true;
secret-key-files = config.sops.secrets.store_key.path;
};
sshServe = {
enable = true;

6
modules/direnv.nix
View file

@ -5,11 +5,9 @@ _: {pkgs, ...}: {
DIRENV_LOG_FORMAT = "";
DIRENV_CONFIG = "/etc/direnv";
};
#other direnv configuration goes here
etc."direnv/direnvrc".text = ''
source ${pkgs.nix-direnv}/share/nix-direnv/direnvrc
if [ -e $HOME/.config/direnv/direnvrc ] ; then
source $HOME/.config/direnv/direnvrc
fi
'';
};
programs = {
@ -23,8 +21,10 @@ _: {pkgs, ...}: {
eval "$(direnv hook bash)"
fi
'';
# doesn't work for some reason
# fish.enable = true;
# fish.interactiveShellInit = ''
# set -g direnv_fish_mode disable_arrow
# if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and [ -z "$IN_NIX_SHELL" ];
# direnv hook fish | source;
# echo "loaded direnv";

4
modules/git.nix
View file

@ -4,12 +4,12 @@ _: {
lib,
...
}: {
options.localModules.git.disable = lib.mkOption {
options.local.git.disable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf (! config.localModules.git.disable) {
config = lib.mkIf (! config.local.git.disable) {
programs.git = {
enable = true;
package = pkgs.gitMinimal;

4
modules/hardware.nix
View file

@ -3,9 +3,9 @@ _: {
lib,
...
}: let
cfg = config.localModules.hardware;
cfg = config.local.hardware;
in {
options.localModules.hardware = {
options.local.hardware = {
gpuAcceleration = {
disable = lib.mkOption {
type = lib.types.bool;

18
modules/keys.nix Normal file
View file

@ -0,0 +1,18 @@
_: {lib, ...}: {
options = {
local.keys = lib.mkOption {
default = {};
};
};
config = {
local.keys = {
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77 gerg@gerg-phone";
gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows";
root_moms-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@moms-laptop";
root_game-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop";
root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1 root@gerg-desktop";
gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop";
};
};
}

1
modules/misc.nix
View file

@ -7,7 +7,6 @@ _: {
options = {
dummyvalue = lib.mkOption {
default = {};
type = lib.configType;
};
nixpkgs.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.string;

3
modules/pinning.nix
View file

@ -4,8 +4,7 @@ in
lib.pipe alias [
(lib.filterAttrs (_: v: v._type == "flake"))
(lib.mapAttrsToList (n: input: {
environment.etc."nixpath/${n}".source = input.outPath;
nix.nixPath = ["${n}=/etc/nixpath/${n}"];
nix.nixPath = ["${n}=flake:${n}"];
nix.registry.${n}.flake = input;
}))
lib.mkMerge

52
modules/shell.nix
View file

@ -66,17 +66,54 @@
syntaxHighlighting.enable = true;
histSize = 10000;
histFile = "$HOME/.cache/zsh_history";
interactiveShellInit = ''
zle-line-init() {
emulate -L zsh
[[ $CONTEXT == start ]] || return 0
while true; do
zle .recursive-edit
local -i ret=$?
[[ $ret == 0 && $KEYS == $'\4' ]] || break
[[ -o ignore_eof ]] || exit 0
done
local saved_prompt=$PROMPT
local saved_rprompt=$RPROMPT
PROMPT='\$ '
RPROMPT='''
zle .reset-prompt
PROMPT=$saved_prompt
RPROMPT=$saved_rprompt
if (( ret )); then
zle .send-break
else
zle .accept-line
fi
return ret
}
zle -N zle-line-init
'';
};
#starship
starship = {
enable = true;
settings = {
add_newline = false;
format = "$sudo$nix_shell\${custom.direnv}$cmd_duration\n$git_metrics$git_state$git_branch\n$directory$character";
format = "$cmd_duration$git_metrics$git_state$git_branch\n$status$directory$character";
right_format = "$sudo$nix_shell\${custom.direnv} $time";
continuation_prompt = " ";
character = {
success_symbol = "[\\$](#9ece6a bold)";
error_symbol = "[\\$](#db4b4b bold)";
};
status = {
disabled = false;
format = "[$status]($style) ";
};
nix_shell = {
format = "[󱄅 ](#74b2ff)";
heuristic = true;
@ -104,6 +141,19 @@
style = "#36c692";
when = "printenv DIRENV_FILE";
};
time = {
format = "[$time]($style)\n";
time_format = "%I:%M %p";
disabled = false;
};
# username = {
# format = "[$user]($style)";
# show_always = true;
# };
# hostname = {
# ssh_only = false;
# format = "[$hostname]($style)";
# };
};
};
};

4
modules/theming.nix
View file

@ -4,9 +4,9 @@ _: {
lib,
...
}: let
cfg = config.localModules.theming;
cfg = config.local.theming;
in {
options.localModules.theming = {
options.local.theming = {
enable = lib.mkEnableOption "";
kmscon.enable = lib.mkEnableOption "";
};